https://bugs.winehq.org/show_bug.cgi?id=38908
Bug ID: 38908
Summary: PlanetSide 2 v5.2.4.x launcher process exit causes wineserver crash
Product: Wine
Version: 1.7.47
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: wineserver
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
found this by chance ...
--- snip ---
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000000000042733a in grab_object (ptr=0x0) at /home/focht/projects/wine/wine.repo/src/server/object.c:298
298	    assert( obj->refcount < INT_MAX );
(gdb) bt
#0  0x000000000042733a in grab_object (ptr=0x0) at /home/focht/projects/wine/wine.repo/src/server/object.c:298
#1  0x0000000000410da7 in add_irp_to_queue (file=0x2a8e9a0, irp=0x2a948f0) at /home/focht/projects/wine/wine.repo/src/server/device.c:347
#2  0x0000000000411189 in device_file_close_handle (obj=0x2a8e9a0, process=0x29e5a20, handle=104) at /home/focht/projects/wine/wine.repo/src/server/device.c:429
#3  0x000000000041c6fc in handle_table_destroy (obj=0x29e5ba0) at /home/focht/projects/wine/wine.repo/src/server/handle.c:175
#4  0x000000000042748a in release_object (ptr=0x29e5ba0) at /home/focht/projects/wine/wine.repo/src/server/object.c:313
#5  0x000000000041c7c7 in close_process_handles (process=0x29e5a20) at /home/focht/projects/wine/wine.repo/src/server/handle.c:194
#6  0x000000000042a132 in process_killed (process=0x29e5a20) at /home/focht/projects/wine/wine.repo/src/server/process.c:817
#7  0x000000000042a510 in remove_process_thread (process=0x29e5a20, thread=0x2a0c9e0) at /home/focht/projects/wine/wine.repo/src/server/process.c:883
#8  0x000000000044af03 in kill_thread (thread=0x2a0c9e0, violent_death=0) at /home/focht/projects/wine/wine.repo/src/server/thread.c:1107
#9  0x0000000000448836 in thread_poll_event (fd=0x2a0cc10, event=16) at /home/focht/projects/wine/wine.repo/src/server/thread.c:266
#10 0x0000000000415130 in fd_poll_event (fd=0x2a0cc10, event=16) at /home/focht/projects/wine/wine.repo/src/server/fd.c:446
#11 0x000000000041550a in main_loop_epoll () at /home/focht/projects/wine/wine.repo/src/server/fd.c:541
#12 0x0000000000415b1c in main_loop () at /home/focht/projects/wine/wine.repo/src/server/fd.c:886
#13 0x0000000000420fa5 in main (argc=1, argv=0x7ffdb89b57c8) at /home/focht/projects/wine/wine.repo/src/server/main.c:148
(gdb) frame 1
#1  0x0000000000410da7 in add_irp_to_queue (file=0x2a8e9a0, irp=0x2a948f0) at /home/focht/projects/wine/wine.repo/src/server/device.c:347
347	    irp->thread = (struct thread *)grab_object( current );
(gdb) p *file
$1 = {obj = {refcount = 2, handle_count = 1, ops = 0x4741e0 <device_file_ops>, wait_queue = {next = 0x2a8e9b0, prev = 0x2a8e9b0}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a8eb30, prev = 0x2a8ea50}}, device = 0x29b18b0, fd = 0x2a8ea20, user_ptr = 1121136, entry = {next = 0x29b1918, prev = 0x29b1918}, requests = {next = 0x2a8ea08, prev = 0x2a8ea08}}
(gdb) p *irp
$2 = {obj = {refcount = 2, handle_count = 0, ops = 0x474060 <irp_call_ops>, wait_queue = {next = 0x2a94900, prev = 0x2a94900}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a8f8d0, prev = 0x699580 <object_list>}}, dev_entry = {next = 0x5555555555555555, prev = 0x5555555555555555}, mgr_entry = { next = 0x5555555555555555, prev = 0x5555555555555555}, file = 0x2a8e9a0, thread = 0x5555555555555555, user_arg = 6148914691236517205, async = 0x0, status = 259, params = {major = 2, create = {major = 2, access = 13, sharing = 1121136, options = 0, device = 43932192}, close = {major = 2, __pad = 13, file = 1121136}, read = {major = 2, key = 13, file = 1121136, pos = 43932192}, write = {major = 2, key = 13, file = 1121136, pos = 43932192}, flush = { major = 2, __pad = 13, file = 1121136}, ioctl = {major = 2, code = 13, file = 1121136}}, result = 0, in_size = 0, in_data = 0x0, out_size = 0, out_data = 0x0}
(gdb) frame 2
#2  0x0000000000411189 in device_file_close_handle (obj=0x2a8e9a0, process=0x29e5a20, handle=104) at /home/focht/projects/wine/wine.repo/src/server/device.c:429
429	    add_irp_to_queue( file, irp );
(gdb) p *obj
$5 = {refcount = 2, handle_count = 1, ops = 0x4741e0 <device_file_ops>, wait_queue = {next = 0x2a8e9b0, prev = 0x2a8e9b0}, name = 0x0, sd = 0x0, obj_list = { next = 0x2a8eb30, prev = 0x2a8ea50}}
(gdb) p *process
$4 = {obj = {refcount = 57, handle_count = 0, ops = 0x477080 <process_ops>, wait_queue = {next = 0x29e5a30, prev = 0x29e5a30}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a07fe0, prev = 0x29fb160}}, entry = {next = 0x2a13e90, prev = 0x6995a0 <process_list>}, parent = 0x0, thread_list = { next = 0x29e5a78, prev = 0x29e5a78}, debugger = 0x0, handles = 0x0, msg_fd = 0x29fb130, id = 8, group_id = 8, sigkill_timeout = 0x0, cpu = CPU_x86, unix_pid = 1166, exit_code = 0, running_threads = 0, start_time = 130812070795368620, end_time = 130812071183535560, affinity = 15, priority = 2, suspend = 0, is_system = 0, debug_children = 0, is_terminating = 1, job = 0x0, job_entry = {next = 0x5555555555555555, prev = 0x5555555555555555}, locks = { next = 0x29e5b00, prev = 0x29e5b00}, classes = {next = 0x2a94200, prev = 0x2a8e770}, console = 0x2a10100, startup_state = STARTUP_DONE, startup_info = 0x0, idle_event = 0x2a6e170, winstation = 0, desktop = 0, token = 0x2a08770, dlls = {next = 0x2a6e5b0, prev = 0x2a94850}, peb = 2147348480, ldt_copy = 4151760128, trace_data = 0, rawinput_devices = {next = 0x29e5b78, prev = 0x29e5b78}, rawinput_mouse = 0x0, rawinput_kbd = 0x0}
--- snip ---
$ wine --version
wine-1.7.47
Regards
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Keywords        |                            |download
URL             |                            |https://www.planetside2.com/
Sebastian Lackner sebastian@fds-team.de changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
CC              |                            |sebastian@fds-team.de
--- Comment #1 from Sebastian Lackner sebastian@fds-team.de --- Most likely introduced by http://source.winehq.org/git/wine.git/commit/350ee62ab4ea40904296dcf90cf0529....
Technically easy to fix, but I am not sure what matches the Windows behavior. At the time when the kernel cleans up the remaining handles of the terminated process, there is no thread anymore, and storing a reference to a process is also not possible. Most likely we should store the client_{pid,tid} directly in the irp structure, and client_tid is NULL then?
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Keywords        |                            |regression
Regression SHA1 |                            |350ee62ab4ea40904296dcf90cf052938ca4ae75
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Sebastian,
yes, it's that commit.
I only reverted the 'device_file_ops' part of it for faster rebuild/test.
--- snip --- $ git diff diff --git a/server/device.c b/server/device.c index e8ef832..c4954d4 100644 --- a/server/device.c +++ b/server/device.c @@ -198,7 +198,7 @@ static const struct object_ops device_file_ops = default_set_sd, /* set_sd */ no_lookup_name, /* lookup_name */ no_open_file, /* open_file */ - device_file_close_handle, /* close_handle */ + no_close_handle, /* close_handle */ device_file_destroy /* destroy */ }; --- snip ---
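Review bot: swapping device_file_close_handle for no_close_handle in the device_file_ops table stops the crash by never queuing a close IRP for any device file handle at all, not only for handles released while a killed process is torn down, so a driver no longer sees close requests from live clients either. That is fine for confirming the regressing commit, as the comment states, but it is not a candidate fix: the real change has to keep device_file_close_handle and make the add_irp_to_queue path tolerate the case where no current thread exists.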
--- quote --- Most likely we should store the client_{pid,tid} directly in the irp structure, and client_tid is NULL then? --- quote ---
How would that be useful? As you said - at the time of process handle table destruction the process and all its associated threads are already dead ('current' = non-referenceable).
The "close handle" IRP is dispatched to a device manager thread ('mountmanager' in this case) and ought to be fulfilled there.
Unfortunately the device request "ping-pong" can't work here, there is no client to "reply" anymore.
Regards
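To make the failure mode concrete, here is an added example that is not part of the bug report and not Wine's source: a simplified model of wineserver's refcounted objects and IRP queue. It shows why queuing a close IRP while a killed process's handle table is destroyed dereferences a NULL `current` thread (the backtrace above), and one queue that tolerates the missing client along the lines of the client_tid idea in comment #1. The struct layouts, the `tid` field and the scenario functions are hypothetical; only the function names echo the backtrace, and nothing here claims to reproduce the actual fix commit.

```c
/* Added example (not Wine's code): toy model of wineserver objects and the
 * device IRP queue. Struct layouts, the tid field and the scenario functions
 * are hypothetical; function names mirror the reported backtrace. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct object { int refcount; };
struct thread { struct object obj; unsigned int tid; };

struct irp_call
{
    struct object   obj;
    struct thread  *thread;      /* referenced client thread, NULL if none */
    unsigned int    client_tid;  /* stays usable after the thread object is gone */
    int             queued;
};

/* The thread whose request the server is handling. While process_killed ->
 * close_process_handles tears down a dead process (frames #5/#6 of the
 * report) no request is in flight, so this is NULL. */
static struct thread *current;

static void *grab_object(void *ptr)
{
    struct object *obj = ptr;
    if (!obj) abort();                     /* the real server segfaults here (frame #0) */
    if (obj->refcount >= INT_MAX) abort();
    obj->refcount++;
    return obj;
}

static void release_object(void *ptr)
{
    struct object *obj = ptr;
    if (obj->refcount <= 0) abort();
    obj->refcount--;
}

/* Wine 1.7.47 did 'irp->thread = grab_object( current )' unconditionally
 * (device.c:347 in the backtrace). Here the no-client case is handled. */
static void add_irp_to_queue(struct irp_call *irp)
{
    if (current)
    {
        irp->thread = grab_object(current);
        irp->client_tid = current->tid;
    }
    else
    {
        irp->thread = NULL;   /* nobody to reply to, but the driver still sees the close */
        irp->client_tid = 0;
    }
    irp->queued = 1;
}

static void complete_irp(struct irp_call *irp)
{
    if (irp->thread)
    {
        release_object(irp->thread);
        irp->thread = NULL;
    }
    irp->queued = 0;
}

/* Scenario 1: a live client thread closes a device file handle. Returns the
 * thread's refcount while the IRP is pending (after == 0) or once the driver
 * has completed it (after == 1). Expected: 2, then back to 1. */
int client_close_refcount(int after)
{
    struct thread t = { { 1 }, 1234 };
    struct irp_call irp = { { 1 }, NULL, 0, 0 };
    int refs;

    current = &t;
    add_irp_to_queue(&irp);
    if (after) complete_irp(&irp);
    refs = t.obj.refcount;
    if (!after) complete_irp(&irp);
    current = NULL;
    return refs;
}

/* Scenario 2: the process was killed and its handle table is destroyed with
 * no current thread. Returns 1 if the close IRP was still queued, with no
 * client thread recorded, instead of crashing the server. */
int teardown_close_queued_without_client(void)
{
    struct irp_call irp = { { 1 }, NULL, 0, 0 };
    int ok;

    current = NULL;
    add_irp_to_queue(&irp);
    ok = irp.queued && irp.thread == NULL && irp.client_tid == 0;
    complete_irp(&irp);
    return ok;
}

int main(void)
{
    printf("client refs pending=%d after=%d\n",
           client_close_refcount(0), client_close_refcount(1));
    printf("teardown close queued without client: %d\n",
           teardown_close_queued_without_client());
    return 0;
}
```

The point of scenario 2 is the one comment #2 makes: at handle-table destruction there is no client left to reply to, so a queue entry that requires a referenced thread can never be satisfied. Recording only an identifier (and NULL for the thread) lets the close still reach the device manager thread while the reply side is simply absent.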
Ken Sharp imwellcushtymelike@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Severity        |normal                      |critical
--- Comment #3 from Ken Sharp imwellcushtymelike@gmail.com --- Setting to critical as per other wineserver crash bugs (wineserver should never crash....).
--- Comment #4 from Sebastian Lackner sebastian@fds-team.de --- Should already be fixed by http://source.winehq.org/git/wine.git/commit/9cef52ffd6a3d0c04b96ee44c36aa72...
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Fixed by SHA1   |                            |9cef52ffd6a3d0c04b96ee44c36aa72e2c1c1537
Status          |NEW                         |RESOLVED
Resolution      |---                         |FIXED
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
this fixed by commit https://source.winehq.org/git/wine.git/commitdiff/9cef52ffd6a3d0c04b96ee44c3...
Thanks Alexandre
Regards
Alexandre Julliard julliard@winehq.org changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Status          |RESOLVED                    |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.48.
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
URL             |https://www.planetside2.com/|https://web.archive.org/web/20150321220027/https://launch.soe.com/installer/PS2_setup.exe
--- Comment #7 from Anastasius Focht focht@gmx.net --- Hello folks,
adding stable download link via Internet Archive for documentation.
https://web.archive.org/web/20150321220027/https://launch.soe.com/installer/...
https://www.virustotal.com/gui/file/f0535df38170525ce5b891241dad992b5bbbef94...
$ sha1sum PS2_setup.exe
0c3eb3ec1855c676654c57e9d1e531ba9a58ad5e  PS2_setup.exe

$ du -sh PS2_setup.exe
23M	PS2_setup.exe
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1041240 (0FE358h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x53236633 -> Fri 14th Mar 2014 20:27:31 (GMT)
[TimeStamp] 0x53236633 -> Fri 14th Mar 2014 20:27:31 (GMT) | PE Header | - | Offset: 0x000000F8 | VA: 0x004000F8 | -
[TimeStamp] 0x53236633 -> Fri 14th Mar 2014 20:27:31 (GMT) | DebugDirectory | - | Offset: 0x000AB654 | VA: 0x004AC654 | -
-> File Appears to be Digitally Signed @ Offset 0FCA00h, size : 01958h / 06488 byte(s)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (381 calculated 381 recorded... 0 invalid addresses)
[LoadConfig] CodeIntegrity -> Flags 0x2 | Catalog 0x0 (0) | Catalog Offset 0x445C3A47 | Reserved 0x475C7665
[LoadConfig] GuardAddressTakenIatEntryTable 0x54656D61 | Count 0x6E686365 (1852334949)
[LoadConfig] GuardLongJumpTargetTable 0x676F6C6F | Count 0x70654479 (1885684857)
[LoadConfig] HybridMetadataPointer 0x5C796F6C | DynamicValueRelocTable 0x6E75614C
[LoadConfig] FailFastIndirectProc 0x61506863 | FailFastPointer 0x61515C64
[LoadConfig] UnknownZero1 0x646F435C
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.56 (section #0) ".text " | Size : 0xAAA9D (699037) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x103000 (1060864) byte(s)
[VersionInfo] Company Name : Sony Online Entertainment
[VersionInfo] Product Name : LaunchPad
[VersionInfo] Product Version : 5.2.5.26
[VersionInfo] File Description : Sony Online Entertainment LaunchPad
[VersionInfo] File Version : 5.2.5.26
[VersionInfo] Original FileName : GameLauncher
[VersionInfo] Internal Name : GameLauncher
[VersionInfo] Legal Copyrights : ©2012 Sony Online Entertainment. LLC.
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | WS2_32.dll | IPHLPAPI.DLL | WINMM.dll | PSAPI.DLL | ADVAPI32.dll | ole32.dll
[ModuleReport] [DelayImport] Modules -> Awesomium.dll | SHELL32.dll | RPCRT4.dll
[Debug Info] (record 1 of 1) (file offset 0xAB650)
Characteristics : 0x0 | TimeDateStamp : 0x53236633 (Fri 14th Mar 2014 20:27:31 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x79 (121)
AddressOfRawData : 0xD2228 | PointerToRawData : 0xD1228
CvSig : 0x53445352 | SigGuid F02D340F-6897-420A-A4D80C02AC4746D8
Age : 0x2 (2) | Pdb : G:\Dev\GameTechnologyDeploy\LaunchPad\Qa\Code\Output\Win32\Release\GameLauncher\GameLauncher.pdb
[CdKeySerial] found "TestVersion" @ VA: 0x000B0C9C / Offset: 0x000AFC9C
[CdKeySerial] found "Serial Number" @ VA: 0x000BA764 / Offset: 0x000B9764
[CdKeySerial] found "SerialNumber" @ VA: 0x000BA93E / Offset: 0x000B993E
[CdKeySerial] found "TestVersion" @ VA: 0x000BB4DE / Offset: 0x000BA4DE
[CdKeySerial] found "TestVersion" @ VA: 0x000BB532 / Offset: 0x000BA532
[CdKeySerial] found "Invalid code" @ VA: 0x000E792C / Offset: 0x000E632C
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.417 Second(s) [0000001A1h (417) tick(s)] [506 of 580 scan(s) done]
--- snip ---
Regards